[Japanese]
|
JVNDB-2015-000083
|
MilkyStep fails to restrict access permissions
|
MilkyStep provided by Igreks Inc. fails to restrict access permissions.
Note that this vulnerability is different from JVN#16409640.
MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions (CWE-264).
Kusano Kazuhiko reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
CVSS V2 Severity: Base Metrics 6.4 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
Igreks Inc.
- MilkyStep Light Ver0.94 and earlier
- MilkyStep Professional Ver1.82 and earlier
- MilkyStep Professional OEM Ver1.82 and earlier
|
|
A remote attacker may alter product settings.
|
[Update the Software]
Update to the latest version according to the information provided by the developer.
|
Igreks Inc.
|
- Permissions(CWE-264) [IPA Evaluation]
|
- CVE-2015-2958
|
- JVN : JVN#74280258
- National Vulnerability Database (NVD) : CVE-2015-2958
|
- [2015/06/09]
Web page was published
[2015/06/16]
References : Content was added
|